8216 matches found
CVE-2020-27484
Garmin Forerunner 235 before 8.20 is affected by: Integer Overflow. The component is: ConnectIQ TVM. The attack vector is: To exploit the vulnerability, the attacker must upload a malicious ConnectIQ application to the ConnectIQ store. The ConnectIQ program interpreter fails to check for overflow...
Cross site scripting
A reflected cross-site scripting (XSS) vulnerability exists in the TranzWare Payment Gateway 3.1.12.3.2. A remote unauthenticated attacker is able to execute arbitrary HTML code via a crafted URL (a different vector than CVE-2020-28414)...
EDR Solutions Require Comprehensive Telemetry to Fend Off Multi-Vector Attacks
Endpoint devices are under increasingly aggressive and sophisticated attacks, so protecting them effectively from cyber criminals has become a thorny and vexing challenge as the threat landscape expands. It doesn’t help that endpoint protection today fluctuates between two strategies that are...
PYSEC-2020-241
MoinMoin is a wiki engine. In MoinMoin before version 1.9.11, an attacker with write permissions can upload an SVG file that contains malicious JavaScript. This JavaScript will be executed in a user's browser when the user is viewing that SVG file on the wiki. Users are strongly advised to upgrad...
hw: Vector Register Leakage-Active
A flaw was found in the Intel Advanced Vector Extensions (AVX) implementation, where a local authenticated attacker with the ability to execute AVX instructions can gather the AVX register state from previous AVX executions. This vulnerability allows information disclosure of the AVX register state...
RHEL 7 : microcode_ctl (RHSA-2020:5083)
The remote Red Hat Enterprise Linux 7 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2020:5083 advisory. Security Fixes: hw: Information disclosure issue in Intel SGX via RAPL interface (CVE-2020-8695); hw: Vector Register Leakage-Active...
RHEL 8 : microcode_ctl (RHSA-2020:5085)
The remote Red Hat Enterprise Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2020:5085 advisory. Security Fixes: hw: Information disclosure issue in Intel SGX via RAPL interface (CVE-2020-8695); hw: Vector Register Leakage-Active...
Security Bulletin: CSV Injection Security vulnerability in ACCE in FileNet Content Manager
Summary: An Administration Console for Content Platform Engine (ACCE) CSV Injection security vulnerability exists in FileNet Content Manager. Vulnerability Details: CVEID: CVE-2020-4759. DESCRIPTION: IBM FileNet Content Manager is potentially vulnerable to CSV Injection. A remote attacker could execute...
binutils security update
2.30-79.0.1 - Forward-port Oracle patches from 2.30-75.0.1 - Reviewed-by: Jose E. Marchesi 2.30-79 - Fix x86 assembler's handling of non-8-bit displacements. 1869401 2.30-77 - Add tests missing from PTGNUSEGMENT patch. 1870039 2.30-75.0.1 - Forward-port Oracle patches to OL8.3 beta. 2.30-76 - Have...
Vulnerability Descriptions in the New Version of the Security Update Guide
With the launch of the new version of the Security Update Guide, Microsoft is demonstrating its commitment to industry standards by describing the vulnerabilities with the Common Vulnerability Scoring System (CVSS). This is a precise method that describes the vulnerability with attributes such as t...
File Upload Vulnerability in easySite Content Management System
CSCL is a provider of artificial intelligence technology and informatization software and platforms. A file upload vulnerability exists in easySite Content Management System, which can be exploited by attackers to gain control of the server...
Citrix Diagnostics Toolkit - 64bit Edition
Citrix Diagnostic Toolkit x64 – C.D.T. Contents: Description; Important Notes about This Release; Citrix Tools Included; Prerequisites; Why does C.D.T. use an Installer; Installing C.D.T.; Start Menu Integration; Tracing Options and Setup; XenApp Tracing Optio...
Citrix Diagnostics Toolkit - 32bit Edition
Where to download? Certain legacy Citrix tools are now available on request only. Please submit the request here: https://forms.gle/obA39PEz5qpDiSPq8. Once we verify your request, we will provide access to the download location. Citrix Diagnostic Toolkit x86 – C.D.T Citrix Diagnostic Toolkit x86...
UBUNTU-CVE-2020-15275
MoinMoin is a wiki engine. In MoinMoin before version 1.9.11, an attacker with write permissions can upload an SVG file that contains malicious JavaScript. This JavaScript will be executed in a user's browser when the user is viewing that SVG file on the wiki. Users are strongly advised to upgrad...
Input validation
Improper input validation vulnerability in Cybozu Garoon 5.0.0 to 5.0.2 allows a remote authenticated attacker to delete some data of the bulletin board via an unspecified vector...
mysql-connector-java: allows high privileged attacker with network access via multiple protocols to compromise MySQL Connectors which could result in unauthorized partial DoS
A flaw was found in the mysql-connector-java package. A complicated attack against the MySQL Connector/J allows attackers on the local network to interfere with a user's connection, causing a denial of service of the MySQL Connectors...
Moderate: Red Hat Security Advisory: librsvg2 security update
An update for librsvg2 is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from t...